# Create an exception for the squid server:
iptables -t nat -A PREROUTING -p tcp -s 192.168.1.1 --dport 80 -j ACCEPT
# Redirect all other LAN requests:
iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to 192.168.1.1:8080
# Create an exception for root:
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner root --dport 80 -j ACCEPT
iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner squid --dport 80 -j REDIRECT --to-port 8080
iptables -I OUTPUT -o eth1 -p tcp -s 127.0.0.1 -d 127.0.0.1 --dport 8080 -j ACCEPT

I found a list of free proxy servers at HideMyAss, where I set Sort By: to United States and checked Hide PlanetLab Proxies? Because I wanted to use a squid proxy, I selected only the servers where the Port was 3128. I tested by setting up Firefox on a LAN machine (Windows OS) to proxy the server and found that, although the first server rejected me, the second in the list worked. The server I selected is not all that fast, so I may hunt for something faster, but for now I am OK with this one.
acl jag dstdomain .jag-lovers.org
Add an external proxy server. It must be a "parent":
cache_peer IP.AD.DR.ESS parent 3128 3130 default
Specify the domain you want redirected to the above server:
cache_peer_domain IP.AD.DR.ESS .jag-lovers.org
Repeat the above three entries if you want to use different proxies for other domains. Only one can have the default option. If you just want more domains to use the same external proxy, the acl and cache_peer_domain lines (reputedly but untested) allow more than one domain, so just create a space delimited list of domains on each of those lines (then test)!
Allow requests to destinations not in the above acl to bypass the external proxy:
always_direct deny jag
Note that jag in the above line must be an acl.
Finally, force requests to use the remote proxy:
never_direct allow all
Reload your new squid.conf:
squid -k reconfigure
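
To confirm after the reload that only the listed domain leaves through the external parent, the hierarchy field of Squid's access.log can be audited. The script below is an added example, not part of the original post. It assumes Squid's default native log format, uses 203.0.113.10 as a stand-in for the IP.AD.DR.ESS placeholder, and runs over constructed sample log lines.

```python
import re

# Assumptions (not from the original post): Squid's default native access.log
# format, where field 9 is HIERARCHY_CODE/peer, and 203.0.113.10 standing in
# for the IP.AD.DR.ESS placeholder exactly as written on the cache_peer line.
PARENT = "203.0.113.10"
VIA_PARENT = (".jag-lovers.org",)  # same domains as the acl / cache_peer_domain lines

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
1700000000.101    412 192.168.1.23 TCP_MISS/200 5120 GET http://www.jag-lovers.org/ - DEFAULT_PARENT/203.0.113.10 text/html
1700000001.202     95 192.168.1.23 TCP_MISS/200 2048 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1700000002.303    388 192.168.1.40 TCP_MISS/200 7300 GET http://forums.jag-lovers.org/list - HIER_DIRECT/198.51.100.7 text/html
1700000003.404    120 192.168.1.40 TCP_MISS/200 1500 GET http://example.net/a.css - DEFAULT_PARENT/203.0.113.10 text/css
1700000004.505      1 192.168.1.23 TCP_HIT/200 5120 GET http://www.jag-lovers.org/ - HIER_NONE/- text/html
"""

def host_of(url):
    """Extract the host from an http:// URL or a CONNECT host:port target."""
    m = re.match(r"(?:[a-z]+://)?([^/:]+)", url, re.I)
    return m.group(1).lower() if m else ""

def matches_dstdomain(host, patterns):
    """dstdomain semantics: '.example.org' matches the domain and its subdomains."""
    return any(host == p.lstrip(".") or (p.startswith(".") and host.endswith(p))
               for p in patterns)

def audit(log_text):
    """Return (leaked, bypassed): unlisted hosts that were sent to the parent,
    and listed hosts that were fetched directly instead of via the parent."""
    leaked, bypassed = [], []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 10:
            continue  # skip truncated or non-native lines
        code, _, peer = f[8].partition("/")
        host = host_of(f[6])
        wanted = matches_dstdomain(host, VIA_PARENT)
        if peer == PARENT and not wanted:
            leaked.append(host)
        elif wanted and code.endswith("DIRECT"):  # DIRECT or HIER_DIRECT
            bypassed.append(host)
    return leaked, bypassed

if __name__ == "__main__":
    leaked, bypassed = audit(SAMPLE_LOG)
    print("sent to parent but not listed:", leaked)
    print("listed but fetched directly:", bypassed)
```

Cache hits (HIER_NONE) are ignored because nothing left the local squid for them. Both lists should be empty on a correctly routed setup.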